The Joys of Kustomize Patches

Sense makes much

After recently working on some k8s deployments, we came across this obscure error when attempting to delete multiple unneeded Secrets generated by Helm.

```
Error: trouble configuring builtin PatchTransformer with config: `
path: my_patch.yaml
target:
  kind: ServiceAccount
...
`: unable to parse SM or JSON patch from [my_patch.yaml]
```

After some investigation, we discovered that the pretty innocuous patch in question:

```yaml
- patch: |
    $patch: delete
    kind: ServiceAccount
    metadata:
      namespace: my-namespace
  target:
    kind: Secret
```

was missing a mandatory `name` field. I mean, why would you need a name? It's just a patch, right? Well, apparently not. And it turns out the value can be anything you want, so long as it's there...

```yaml
- patch: |
    $patch: delete
    kind: ServiceAccount
    metadata:
      name: this-can-be-anything
      namespace: my-namespace
  target:
    kind: Secret
```
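
A pre-flight check for the failure described above, as an added example that is not part of the original post: it scans a kustomization.yaml for inline strategic-merge patches whose body has no `metadata.name` and returns the line number of each. The function names and the sample file are constructed for illustration, and only inline `patch: |` blocks are inspected, not patch files referenced by `path:`.

```python
import re
from itertools import takewhile

# Constructed kustomization.yaml: page's failing patch, then its working form.
SAMPLE = """\
patches:
- patch: |
    $patch: delete
    kind: ServiceAccount
    metadata:
      namespace: my-namespace
  target:
    kind: Secret
- patch: |
    $patch: delete
    kind: ServiceAccount
    metadata:
      name: this-can-be-anything
      namespace: my-namespace
  target:
    kind: Secret
"""

def inline_patches(text):
    """Yield (line_no, rows) per inline `patch: |` block; rows = (indent, text)."""
    rows = [(len(l) - len(l.lstrip(" ")), l.strip()) for l in text.splitlines()]
    i = 0
    while i < len(rows):
        col, txt = rows[i]
        m = re.match(r"(- )?patch:\s*\|[-+]?$", txt)
        i += 1
        if m:
            key_col, start = col + len(m.group(1) or ""), i
            while i < len(rows) and (not rows[i][1] or rows[i][0] > key_col):
                i += 1  # block scalar runs while lines are blank or indented deeper
            yield start, [r for r in rows[start:i] if r[1] and r[1][0] != "#"]

def has_metadata_name(rows):
    """True if top-level `metadata:` has a direct, non-empty `name:` child."""
    for n, (col, txt) in enumerate(rows):
        if col == rows[0][0] and txt == "metadata:":
            kids = list(takewhile(lambda r: r[0] > col, rows[n + 1:]))
            return any(c == kids[0][0] and re.match(r"name:\s*\S", t) for c, t in kids)
    return False

def missing_name(text):
    """Line numbers of inline SM patches lacking metadata.name (JSON 6902 op lists skipped)."""
    return [no for no, rows in inline_patches(text)
            if rows and rows[0][1][0] not in "-[" and not has_metadata_name(rows)]
```

Calling `missing_name(SAMPLE)` flags only the first patch, the one at line 2 of the sample.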